VYPR
Unrated severity · NVD Advisory · Published Jul 20, 2023 · Updated Oct 22, 2024

There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables

CVE-2022-28737

Description

An overflow in shim's handle_image() function allows out-of-bounds writes when loading crafted EFI executables, potentially leading to arbitrary code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

The vulnerability resides in the handle_image() function of shim, which processes EFI executables during the boot process. The function uses the SizeOfRawData field from each section header without proper bounds checking, leading to an integer overflow or out-of-bounds write. This affects shim versions prior to the fix included in the coordinated disclosure of June 2022 [1].

Exploitation

An attacker with the ability to provide a crafted EFI executable—for example, by modifying the boot image or through a supply chain attack—can trigger the overflow. No authentication is required if the attacker can control the boot payload. The attacker must craft a malicious EFI binary with manipulated section headers to cause handle_image() to write beyond allocated buffers [1].

Impact

Successful exploitation results in out-of-bounds memory writes, which can corrupt critical data structures and potentially lead to arbitrary code execution at the firmware level. This could bypass secure boot protections and compromise the entire system [1].

Mitigation

The fix was included in the coordinated disclosure of multiple GRUB2 and shim vulnerabilities in June 2022. Users should update to the latest version of shim that contains the patch. No workaround is available; updating shim is required. As of the publication date, this CVE is not listed on CISA's Known Exploited Vulnerabilities catalog [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

64

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"The handle_image() function in shim does not properly validate the SizeOfRawData field of EFI executable sections, allowing for out-of-bounds writes."

Attack vector

An attacker with high privileges and the ability to control EFI executables can craft a malicious EFI image. When shim attempts to load this crafted image, the handle_image() function will process the SizeOfRawData field. If this field is manipulated, it can lead to an out-of-bounds write into memory, potentially resulting in arbitrary code execution [1].

Affected code

The vulnerability exists within the handle_image() function in shim, which is responsible for loading and executing EFI executables [1].

What the fix does

The provided patch information does not detail the specific changes made to address this vulnerability. However, the advisory indicates that the vulnerability is a buffer overflow in handle_image() when loading crafted EFI executables [1]. The fix would involve implementing proper validation for the SizeOfRawData field to prevent out-of-bounds writes.
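The kind of SizeOfRawData validation described above, as an added illustration that is not taken from shim's source or its patch. The struct, the helper `safe_copy_len()` and the sample headers are assumptions constructed for this example; the check is written so the bounds arithmetic itself cannot wrap.

```c
#include <stdint.h>
#include <stdio.h>

/* Subset of a PE/COFF section header (field names from the PE format). */
struct section {
    uint32_t VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData;
};

/* 1 when [off, off+len) fits in `limit` bytes; off+len is never computed,
 * so the check itself cannot wrap. */
static int range_ok(uint64_t off, uint64_t len, uint64_t limit)
{
    return off <= limit && len <= limit - off;
}

/* Hypothetical helper (not shim's code). Returns the number of bytes that
 * may be copied for this section, or -1 if the header must be rejected.
 * file_size:  bytes in the untrusted image file (copy source)
 * alloc_size: bytes allocated for the loaded image (copy destination) */
int64_t safe_copy_len(const struct section *s,
                      uint64_t file_size, uint64_t alloc_size)
{
    /* Never copy more than the section occupies in memory. */
    uint32_t n = s->SizeOfRawData < s->VirtualSize ? s->SizeOfRawData
                                                   : s->VirtualSize;
    if (!range_ok(s->PointerToRawData, n, file_size))
        return -1;                      /* read past end of file */
    if (!range_ok(s->VirtualAddress, s->VirtualSize, alloc_size))
        return -1;                      /* write past end of allocation */
    return n;
}

/* Constructed sample headers for a 0x1000-byte file, 0x2000-byte image. */
static const struct section ok_sec   = { 0x200, 0x1000, 0x200, 0x400 };
static const struct section huge_raw = { 0xFFFFFFF0u, 0x1000, 0xFFFFFFF0u, 0x400 };
static const struct section past_end = { 0x200, 0x1F00, 0x200, 0x400 };
static const struct section padded   = { 0x100, 0x1000, 0x400, 0x400 };

int main(void)
{
    const struct section *t[] = { &ok_sec, &huge_raw, &past_end, &padded };
    for (int i = 0; i < 4; i++)
        printf("section %d -> %lld\n", i,
               (long long)safe_copy_len(t[i], 0x1000, 0x2000));
    return 0;
}
```

A loader applying this check per section would refuse the whole image as soon as any header returns -1, before any bytes are copied.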

Preconditions

  • auth: Attacker must have high privileges.
  • input: Attacker must be able to control crafted EFI executables.

Generated on Jun 6, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2
